Loading…
This event has ended. Create your own event → Check it out
This event has ended. Create your own
View analytic
Friday, May 13 • 11:20am - 12:10pm
Seamless Upgrades for Credential Security in Apache Tomcat - Christopher Schultz, Total Child Health

Sign up or log in to save this to your schedule and see who's attending!

Clear-text credentials (user passwords) were never a good idea. Not only are both MD5 and SHA1 now dead, even more modern hashing algorithms aren't appropriate for credential storage in an era of hash-lookup sites. Some recent additions to Apache Tomcat have made it easier to use more secure credential-storage mechanisms along with container-managed security. They can even be used to seamlessly upgrade from older, less-secure algorithms to newer, more secure ones.

We'll investigate the modifications to Tomcat that allow developers and operations staff to use these features, and look at how to actually plug custom credentials-handling mechanisms into an existing Tomcat-based application.

Speakers
avatar for Christopher Schultz

Christopher Schultz

Chief Technology Officer, Total Child Health, Inc.
Christopher Schultz is the CTO of Total Child Health, Inc. where he leads a small team of engineers to build server-side healthcare-related software in Java. Chris is an active member of the Apache Tomcat and Velocity communities as well as a committer on both projects and Tomcat PMC and security team member. He has attended and spoken at several previous ApacheCon events and helped to organize an Apache BarCamp in the Washington, DC area.



Friday May 13, 2016 11:20am - 12:10pm
Plaza A

Attendees (18)